March 29, 2016 at 9:53 am
Comments posted to this topic are about the item Track Your Consultants
March 29, 2016 at 10:00 am
As a consultant I wholeheartedly agree. Do not give me complete freedom. I don't want it. I prefer to work for clients who take their own security seriously and give me the least privileges to do my job in assisting them. Any more than that and I fear what other people not only can do but have done.
Gaz
-- Stop your grinnin' and drop your linen...they're everywhere!!!
March 29, 2016 at 10:11 am
Where does optional SSL encryption fit into this picture? Does anyone here use this?
https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
March 29, 2016 at 10:45 am
I have been wary of consultants since a previous company paid a lot of money for very little. Saying that I am also wary of people with Prince II certification and/or an MBA qualification because they seem to make to many school boy errors. Obviously security is very important but people who cannot do a professional job are an additional risk as they are more likely to miss issues relating to security.
March 29, 2016 at 11:16 am
Great information to share with my sysadmin.
March 29, 2016 at 1:45 pm
I'd be more wary of fresh interns and fly by night contractors than I would consultants.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
March 29, 2016 at 1:50 pm
Has anyone confirmed this works with SSMS and know what steps are needed for the client side connection?
How to configure SSL encryption in SQL Server
https://www.mssqltips.com/sqlservertip/3299/how-to-configure-ssl-encryption-in-sql-server/
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
March 29, 2016 at 2:00 pm
... and I know as well consultants which take security more serious than the companies they are working for - it seems to easy to just glorify the insiders and blame all externals 😉
March 29, 2016 at 2:21 pm
Eric M Russell (3/29/2016)
Where does optional SSL encryption fit into this picture? Does anyone here use this?https://technet.microsoft.com/en-us/library/ms189067(v=sql.105).aspx
I've done this in testing with a self signed certificate. We did this years ago for one server, but it proved to be problematic for clients and making changes to our system. We decided it wasn't worth the hassle, administratively.
Instead we relied on VPN for clients and limiting access through firewalls.
March 30, 2016 at 6:46 am
While I agree with tracking your consultants, this tends to miss huge issue. For all you know, the guy who appears to need help opening a web browser might just be running the same tools and robbing the company blind. It amazes me how many times I have heard, "our users aren't that sophisticated." And yet, I have run across users who might be more sophisticated than you would guess.
March 30, 2016 at 6:49 am
kiwood (3/30/2016)
While I agree with tracking your consultants, this tends to miss huge issue. For all you know, the guy who appears to need help opening a web browser might just be running the same tools and robbing the company blind. It amazes me how many times I have heard, "our users aren't that sophisticated." And yet, I have run across users who might be more sophisticated than you would guess.
In this day and age, you never know who is a closet hacker or amateur spy.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
Viewing 11 posts - 1 through 10 (of 10 total)
You must be logged in to reply to this topic. Login to reply